Learn how to direct your requests dynamically to a specific server cluster using routes.
The OVHcloud Load Balancer service redirects the front-end’s incoming traffic to the servers that make up the front-end’s default farm, or its default redirection.
In some cases, you can go further and route, redirect, or block traffic according to a range of criteria. For example, in the case of an HTTP(S) service, you can filter traffic based on the HTTP method, the URL, or even the value of a cookie or header.
In the OVHcloud Load Balancer service, these elements are called routes. A route is a specific action to perform if one or more conditions are met.
Requirements
- An OVHcloud Load Balancer on a solution that lets you create routes
- Access to the OVHcloud API
Topics
- Instructions
- Examples
Instructions
Although this guide focuses on HTTP routes, the same principle applies to TCP routes. This can be useful for directing HTTP/2 traffic to a specific farm or rejecting incoming requests from certain IP addresses.
This feature is only available via the API. This guide will present the general principles as well as use cases for routes drawn from real-life scenarios.
Introduction to routes
A route controls traffic according to different criteria. You can express these criteria as rules, conditions, or actions.
For example, IF the URL starts with '/wp-admin/' (1) AND the connection is in HTTP (2) THEN redirect to the HTTPS version of the page (3).
In this example, there are two rules:
- the connection must come from an HTTP front-end (2)
- its URL must begin with the WordPress admin pages (1)
There is an action associated with these rules: redirect to the HTTPS version of the page (3).
This is what is known as an "end action." It means that if the rules are confirmed, the evaluation of routes stops, and the action is executed.
API presentation
You can only manage routes via the OVHcloud API. It is only valid for http and tcp protocols, and the /ipLoadbalancing/{serviceName}/{protocol}/route/ pathway exposes the API dedicated to routes.
The API for routes to the OVHcloud Load Balancer is specially designed for flexibility, power, and scalability. It is organized around three main sections:
- the APIs listing available rules and actions
- the APIs listing the routes configured on the OVHcloud Load Balancer service
- the APIs for configuring routes on the OVHcloud Load Balancer service
To only show the APIs linked to routes in the OVHcloud API console, you can use the filter field with ‘route’ as a keyword.
When you want to configure a route or rules, the first thing you need to do is to consult the available actions and rules. This will give you the possible values for the configuration fields of the route and rule APIs.
- A route can have several rules.
- A route can only be attached to a single front-end.
- A front-end can have several routes. In this case, the order of evaluation depends on its type and weight.
When a request arrives at your OVHcloud Load Balancer service, the routes are evaluated successively according to the following principles:
- First, reject and rewrite routes, then the server cluster routes.
- Within categories, the routes are evaluated in increasing weight order.
- If two routes are the same weight, the first route created is evaluated first.
- Only the first action from all the validated rules is executed.
Available rules and actions
This first section of the API contains an updated list of actions and rules available for the OVHcloud Load Balancer service. It contains one call for actions and another for rules. These two calls return a list of objects. Each object is named and indicates whether it applies to TCP or HTTP routers, as well as the expected values or types of values for the different fields of the API. If a field is “null”, this means that no value is expected. If an invalid value is entered, the API will return a validation error.
Actions
For more information on this call, please read the Available actions section at the bottom of this guide.
Rules
For more information on this call, please read the Available rules section at the bottom of this guide.
Configured routes
This section of the API only contains one call. It was mainly designed to help implement auto-completion mechanisms. It returns the ID, name, and type of each defined route. The details of a route can be obtained with a GET /ipLoadbalancing/{serviceName}/<http or tcp>/route/{type}/{routeId} call, defined further below.
For more information on this call, please read the Handling routes section at the bottom of this guide.
Route configuration
With these basic principles for available actions and rules, and the route evaluation order, these routes can be manipulated in the same way as server clusters. When you create a route, you can attach rules to it. The possible values for rules and actions are defined by the API calls.
For more information on these methods, please read the Handling routes section at the bottom of this guide.
Examples
To demonstrate the utility of routes, this section will offer some practical examples of the use of this technology for OVHcloud's internal needs, without going into the details of the API calls.
You can read about API calls in more detail in the Handling routes section at the bottom of this guide, and the sections that follow it.
Force HTTPS for WordPress login pages
The HTTPS protocol has become the norm. Its purpose is to make all websites available in HTTPS in a secure manner, thanks to the SSL/TLS protocol. If you need an SSL/TLS certificate, you can use the OVHcloud Load Balancer service to order a new one, which will be automatically managed for you.
Migrating a website to HTTPS requires work, especially to avoid mixed content problems. It may be worth migrating your website section by section, starting by securing pages that send login credentials.
One approach could be to base it on the beginning of WordPress URLs. By default, the URLs of login pages for WordPress start with "/wp-login". So we would need:
- a route with a redirection action
- a rule in this route that detects URLs starting with "/wp-login"
In practice, this gives a route like this:
| Field | Value and description |
|---|---|
| serviceName | Your OVHcloud Load Balancer service ID |
| frontendId | Your HTTP front-end ID |
| displayName | “Redirection of WordPress logins to HTTPS” |
| weight | (empty) |
| action.type | "redirect" |
| action.status | 302 for a temporary redirection, 301 for a permanent redirection |
| action.target | "https://\${host}\${path}\${arguments}" to take the same host, path and arguments |
On this route, we will attach a rule:
| Field | Value and description |
|---|---|
| serviceName | Your OVHcloud Load Balancer service ID |
| routeId | Route ID created above |
| field | "uri" |
| subField | (empty) |
| match | "startswith" |
| negate | false |
| pattern | "/wp-login" |
Next, apply the configuration to the zone concerned.
NOTE: To add a new redirection, you will need to repeat these actions again, creating a route and then a rule. If a second rule is added to the same route, the two rules need to be validated for the redirect to work. Note that if the rules are startswith /wp-login and startswith /wp-admin, the redirection would never work because these two conditions cannot both be true at once.
Route based on a domain (VHost)
This is the feature that made the web possible when it was in its infancy, with the possibility of exposing several sites behind the same IP address, thanks to the "Host" field of HTTP headers.
For example, if your infrastructure is made up of a VPS for your website, an OVHcloud Load Balancer for SSL/TLS termination, and redirections to a maintenance page with a backup server in the server clusters, you would need an Additional IP per website, routed to your OVHcloud Load Balancer, and one front-end per IP.
With routes, you can share the same front-end and choose the server cluster dynamically, with the [a-z] field.
To do this, you will need:
- one route per VHost
- one rule per route detecting a specific domain
In practice, to route the domain www.example.com, this would give the following route:
| Field | Value and description |
|---|---|
| serviceName | Your OVHcloud Load Balancer service ID |
| frontendId | Your front-end ID |
| displayName | "VHost - www.example.com" |
| weight | (empty) |
| action.type | "farm" |
| action.status | (empty) |
| action.target | ID of the server cluster to direct this domain to |
And on this route, we will attach a rule:
| Field | Value and description |
|---|---|
| serviceName | Your OVHcloud Load Balancer service ID |
| routeId | Route ID created above |
| field | "host" |
| subField | (empty) |
| match | "is" |
| negate | false |
| pattern | "www.example.com" or a domain of your choice |
Finally, apply the configuration.
Reserve an Additional IP for a specific website
If you are hosting a website on a VPS, you may want to dedicate an IP address to a specific customer. You can easily make the IP available by routing it to your OVHcloud Load Balancer service, then configuring a dedicated front-end attached to this Additional IP, and setting the client's target VPS as the defaultFarmId.
However, what will happen if another client detects this and configures their domain to point to the premium client's IP? By default, this will work, and their website will be routed to another client's VPS. If an SSL/TLS certificate is present, this will still work, as all certificates are automatically available for all frontends.
In such scenarios, the solution is to add a rule that rejects requests if the domain is not a premium one. You can do this with a reject route and a rule.
In practice, reserving a front-end with an IP dedicated to the domain www.example.com will give the following route:
| Field | Value and description |
|---|---|
| serviceName | Your OVHcloud Load Balancer service ID |
| frontendId | Your front-end ID |
| displayName | "Restrict to www.example.com" |
| weight | (empty) |
| action.type | "reject" |
| action.status | 403 |
| action.target | (empty) |
And on this route, we will attach a rule:
| Field | Value and description |
|---|---|
| serviceName | Your OVHcloud Load Balancer service ID |
| routeId | Route ID created above |
| field | "host" |
| subField | (empty) |
| match | "is" |
| negate | true |
| pattern | "www.example.com" or a domain of your choice |
Finally, apply the configuration.
Route based on a URL and an HTTP method
On some specific infrastructures, certain requests must be routed to a specific server cluster. For example, to handle rare but data-intensive requests without impacting production, such as analytical requests that work on a read-only duplicate of the data, with a server that has a higher volume of memory.
If, for example, the request is sent:
- with the POST method
- on a URL corresponding to "^/.*/batch-analytics$"
Then, you would need a route with two rules, one of which uses a regular expression.
In practice, this gives a route like this:
| Field | Value and description |
|---|---|
| serviceName | Your OVHcloud Load Balancer service ID |
| frontendId | Your front-end ID |
| displayName | "Route batch analytics to dedicated farm" |
| weight | (empty) |
| action.type | "farm" |
| action.status | (empty) |
| action.target | ID of the server cluster to direct these operations to |
And on this route, we will attach two rules:
| Field | Rule 1 | Rule 2 |
|---|---|---|
| serviceName | Your OVHcloud Load Balancer service ID | as for rule 1 |
| routeId | Route ID created above | as for rule 1 |
| field | "method" | "uri" |
| subField | (empty) | (empty) |
| match | "is" | "matches" |
| negate | false | false |
| pattern | "POST" | "^/.*/batch-analytics$" |
Here, the first rule applies to an enumeration. Only standard HTTP methods are available. The second rule, on the other hand, exploits the full power of routes by using a regular expression. Although it is possible to use such expressions, avoiding them results in enhanced performance.
All that remains is to apply the configuration in the concerned area.
Route certain IPs and voluntary clients to preproduction
When a site grows, you may want to set up a preproduction environment to validate ongoing changes, without affecting the majority of users. Generally, when configuring this type of environment, you want to reduce the gap as much as possible between production and preproduction to detect problems as accurately as possible. A classic and often neglected source of problems is the domain name. It is sometimes hardcoded in a file or an article. At that point, a link may work in preproduction but not in production.
Instead of setting up rules based on the domain name, you could set up rules based on the source IP address (for example, an enterprise proxy) and possibly a cookie for voluntary clients. These configurations can be detected with two routes on the OVHcloud Load Balancer service.
For this example, we will consider that:
- the enterprise proxy can use the addresses 42.42.42.0/24, and the VPN uses 1.2.3.4/32
- the voluntary users have a "PreprodOptIn" cookie — the value is not important
In practice, will need two identical routes:
| Field | Value and description |
|---|---|
| serviceName | Your OVHcloud Load Balancer service ID |
| frontendId | Your front-end ID |
| displayName | "Route Opt-In and internal users to pre-production environment" |
| weight | (empty) |
| action.type | "farm" |
| action.status | (empty) |
| action.target | Your pre-production server cluster's ID |
Then we will attach the following two rules to each of the routes (one rule per route):
| Field | Rule 1 | Rule 2 |
|---|---|---|
| serviceName | Your OVHcloud Load Balancer service ID | as for rule 1 |
| routeId | ID of the first route | ID of the second route |
| field | "source" | "cookie" |
| subField | (empty) | "PreprodOptIn" |
| match | "in" | "exists" |
| negate | false | false |
| pattern | "42.42.42.0/24, 1.2.3.4" | (empty) |
The first rule checks if the source IP is in a list of address ranges. In this case, the different address ranges are separated by commas and can be surrounded by spaces for better readability. If a range contains only one address, the "/32" is implicit but can be added explicitly. In any case, the size of this field is limited to 255 characters.
The second rule simply checks the existence of the cookie. It would be possible to check if its value matches a regular expression or is in a list of possibilities, but this allows to show a simple example of what can be done with cookies. Rules based on HTTP Headers work according to a similar approach.
All that remains is to apply the configuration in the concerned area.
Route WebSockets to a dedicated server cluster
When a website has interactive functions based on WebSockets — a chatbot, for example — you may want to direct these connections to a server cluster dedicated to this task. This is quite simple. When a browser tries to open a WebSockets connection, it sends a standard HTTP request with these headers:
In this case, only the first header needs to be detected. This can be done very easily with a route and a rule:
| Field | Value and description |
|---|---|
| serviceName | Your OVHcloud Load Balancer service ID |
| frontendId | Your front-end ID |
| displayName | "Route WebSockets to a dedicated farm" |
| weight | (empty) |
| action.type | "farm" |
| action.status | (empty) |
| action.target | ID of the server cluster dedicated to WebSockets |
And on this route, we will attach a rule:
| Field | Value and description |
|---|---|
| serviceName | Your OVHcloud Load Balancer service ID |
| routeId | Route ID created above |
| field | "header" |
| subField | "Upgrade" |
| match | "is" |
| negate | false |
| pattern | "websocket" (case-sensitive) |
Next, apply the configuration to the zone concerned.
References
You will find here the details of the API calls related to routes. For a more general overview of route features, we invite you to first consult the section " API presentation " a little further up in this guide.
Handling routes
TCP and HTTP routes are configured in the same way. Since HTTP routes are more powerful, this section focuses on HTTP routes and rules. The operation of TCP routes can be extrapolated by replacing "http" with "tcp" in the routes. Some fields only make sense in HTTP, so they are not available in TCP.
List the routes
This call returns the list of ID numbers of routes defined for HTTP protocol. You can filter this list by frontendId. This call returns the routes in the order in which they will be evaluated. The evaluation order can be partially controlled by the weight of the route.
Parameters:
| Setting | Required | Meaning |
|---|---|---|
| serviceName | Required | Your Load Balancer service ID |
| frontendId | ID number of an HTTP front-end the routes are attached to |
Create a route
With this call, you can create a route. Only the action is mandatory. A route can be attached to and detached from a front-end. You can create up to 50 routes on an OVHcloud Load Balancer. This call returns the created route in case of success. Your OVHcloud Load Balancer service must be redeployed to apply the changes.
Parameters:
| Setting | Required | Meaning |
|---|---|---|
| serviceName | Required | Your Load Balancer service ID |
| displayName | Display name for your route (255 characters maximum) | |
| frontendId | ID number of an HTTP front-end to attach the route to | |
| weight | Route priority, between 1 (carry out first) and 255 (carry out after the others) | |
| action.type | Required | Name of the action type to execute if all of the rules associated with the route are validated |
| action.status | HTTP status code for reject and redirect actions |
|
| action.target | ID number of the target server cluster for farm actions, or the URL template for redirect actions |
The possible action types are listed below:
| action | Meaning |
|---|---|
| redirect | Redirects a request to action.target, with the HTTP action.status code |
| reject | Rejects a request with the HTTP action.status code |
| farm | Routes a request to the server cluster with the ID entered in action.target
|
For further information on the actions managed and the format of parameters, please read the Available actions section further down.
View details on a route
With this call, you can view details on an HTTP route if you know its ID.
Query Parameters:
| Setting | Meaning |
|---|---|
| serviceName | Your Load Balancer service ID |
| routeId | The route’s ID number |
Answer Parameters:
| Setting | Meaning |
|---|---|
| routeId | The route’s ID number |
| displayName | The display name for your route |
| frontendId | ID number of the front-end your route is attached to |
| weight | Priority of your route |
| action.type | Name of the action type for your route |
| action.status | Associated HTTP status code |
| action.target | ID number of the associated server cluster or URL template |
| rules | List of rules that must be validated to trigger the route’s action. More detail on this is available in the Handling rules section. |
For further information on the actions managed and the format of parameters, please read the Available actions section further down.
Modify a route
With this call, you can modify an HTTP route if you know its ID. You will need to redeploy your OVHcloud Load Balancer to apply the changes.
Parameters:
| Setting | Required | Meaning |
|---|---|---|
| serviceName | Required | Your Load Balancer service ID |
| routeId | Required | The route’s ID number |
| displayName | Display name for your route (255 characters maximum) | |
| frontendId | ID number of an HTTP front-end to attach the route to | |
| weight | Route priority, between 1 (carry out first) and 255 (carry out after the others) | |
| action.type | Required | Name of the action type to execute if all of the rules associated with the route are validated |
| action.status | HTTP status code for reject and redirect actions |
|
| action.target | ID number of the target server cluster for farm actions, or the URL template for redirect actions |
For further information on the actions managed and the format of parameters, please read the Available actions section further down.
Delete a route
With this call, you can delete an HTTP route if you know its ID. When a route is deleted, all of the rules associated with the route are deleted, too. You do not need to delete them individually. You will need to redeploy your OVHcloud Load Balancer to apply the changes.
Parameters:
| Setting | Required | Meaning |
|---|---|---|
| serviceName | Required | Your Load Balancer service ID |
| routeId | Required | The route’s ID number |
Handling rules
List the rules
This call returns the list of ID numbers of rules defined for a particular route.
Parameters:
| Setting | Required | Meaning |
|---|---|---|
| serviceName | Required | Your Load Balancer service ID |
| routeId | Required | The route’s ID number |
Attach a rule
With this call, you can attach a rule to a route. You can attach up to 5 rules per route on an OVHcloud Load Balancer. This call returns the route created, if it is successful. You will need to redeploy your OVHcloud Load Balancer to apply the changes.
Parameters:
| Setting | Required | Meaning |
|---|---|---|
| serviceName | Required | Your Load Balancer service ID |
| routeId | Required | The route’s ID number |
| field | Required | The name of the HTTP parameter to apply the rule to |
| subField | HTTP header name for the header rules, or cookie name for cookie rules |
|
| match | Required | Name of the comparison to apply to validate the rule |
| negate | Reverses the comparison result | |
| pattern | Comparison pattern |
field
| Value | Meaning |
|---|---|
| source | The address or list of source IP addresses (a.b.c.d/z) |
| protocol | Protocol (“http” or “https”) |
| method | HTTP method (GET, HEAD, POST, PUT, DELETE, OPTIONS, CONNECT, TRACE) |
| host | Domain name (vhost), without the port number |
| uri | Path of the request as it appears between the first "/" and the last "?" |
| param | HTTP parameter contained in the part after the first "?" |
| header | HTTP header |
| cookie | HTTP cookie |
match
| Value | Meaning |
|---|---|
| exists | The property must exist (e.g. HTTP header or cookie) |
| - | The property must correspond exactly to a pattern
|
| in | The property must be in the list of values (separated by commas) defined by pattern
|
| contains | The property must contain the pattern value |
| startswith | The property must start with the pattern value |
| endswith | The property must end with the pattern value |
| matches | The property must match the regular pattern expression |
For further information on the rules managed and the format of parameters, please read the Available rules section further down.
View details on a rule
With this call instruction, you can view the details on a rule attached to an HTTP route if you know its ID.
Query Parameters:
| Setting | Meaning |
|---|---|
| serviceName | Your Load Balancer service ID |
| routeId | The route’s ID number |
| ruleId | The rule’s ID number |
Answer Parameters:
| Setting | Meaning |
|---|---|
| ruleId | The rule’s ID number |
| field | Name of the HTTP parameter to apply the rule on |
| subField | Name of the HTTP header or cookie for the rule |
| match | Name of the comparison to apply to validate the rule |
| negate | "true" if the comparison result is reversed |
| pattern | Comparison argument. The direction and syntax depend on the match and the field. |
For further information on the rules managed and the format of parameters, please read the Available rules section further down.
Modify a rule
With this call, you can modify a rule attached to an HTTP route if you know its ID. You will need to redeploy your OVHcloud Load Balancer to apply the changes.
Parameters:
| Setting | Required | Meaning |
|---|---|---|
| serviceName | Required | Your Load Balancer service ID |
| routeId | Required | The route’s ID number |
| ruleId | Required | The rule’s ID number |
| field | Required | The name of the HTTP parameter to apply the rule to |
| subField | HTTP header name for the header rules, or cookie name for cookie rules |
|
| match | Required | Name of the comparison to apply to validate the rule |
| negate | Reverses the comparison result | |
| pattern | Comparison pattern |
For further information on the rules managed and the format of parameters, please read the Available rules section further down.
Delete a rule
With this call, you can delete a rule attached to an HTTP route if you know its ID. You will need to redeploy your OVHcloud Load Balancer to apply the changes.
Parameters:
| Setting | Required | Meaning |
|---|---|---|
| serviceName | Required | Your Load Balancer service ID |
| routeId | Required | The route’s ID number |
| ruleId | Required | The rule’s ID number |
If you want to delete a route, you do not need to delete all the rules attached to it. The rules are automatically deleted when you delete the route.
List all of the TCP and HTTP routes
With this call, you can get a list of all the IDs, display names, and types ("http"/"tcp") of routes defined on an OVHcloud Load Balancer service. It is designed to simplify the implementation of auto-completion.
Query Parameters:
| Setting | Meaning |
|---|---|
| serviceName | Your Load Balancer service ID |
Answer Parameters:
| Setting | Meaning |
|---|---|
| type | Type of protocol for the route: "tcp" for TCP routes, "http" for HTTP routes |
| routeId | The route’s ID number |
| displayName | The display name of the route |
Available actions
This call returns the list of actions available for TCP and HTTP routes, as well as the values expected for each of the fields.
If a field is “null”, this means that no value is expected. If an invalid value is entered, the API will return a validation error.
All of the actions managed by the OVHcloud Load Balancer service are final. This means that executing an action also triggers the end of route evaluation.
Query Parameters:
| Setting | Meaning |
|---|---|
| serviceName | Your Load Balancer service ID |
Answer Parameters:
| Setting | Meaning |
|---|---|
| type | Shows if this action is valid for an HTTP or a TCP route |
| name | Name of the action to enter into the type field of routes |
| status | List of HTTP status codes available for this action (status fields of routes) |
| destination | Value type expected in the destination fields for routes |
This action sends a redirection to the visitor. This redirection type can be configured with the status field. When this action is selected, no server clusters will receive the request.
| Setting | Value |
|---|---|
| type | redirect |
| status | 301, 302, 303, 307 or 308 |
| target | Target URL (may contain variables) |
Only the HTTP redirection status codes can be specified. The most common codes are 301 and 302. If you have any doubts, you can set up a 302 (temporary redirection). The HTTP status codes for redirections are:
| Status code | Description |
|---|---|
| 301 | Permanent redirection. The redirection can be saved by the browser. |
| 302 (default) | Temporary redirection. The redirection must be revalidated for each request by the browser. |
| 303 | Works like a 302, and forces the use of the HTTP GET method. |
| 307 | Works like a 302, and forces the same HTTP method to be reused (GET, POST, etc.). |
| 308 | Works like a 301, and forces the same HTTP method to be reused (GET, POST, etc.). |
The destination URL may contain simple variables. This helps users redirect to another domain, another protocol, or add a suffix/prefix to a URL. The recognized variables are:
| Variable | Description |
|---|---|
protocol |
Protocol of the request ("http" or "https") |
domain |
Domain name of the request, without the port number |
host |
"Host" field of the request, including the port number, if there is one |
port |
Port of the request |
path |
Path of the request, starts with a '/' and ends before the first '?' |
arguments |
Arguments of the request, starts with a '?' if present |
For example:
- redirect to https:
https://${host}${path}${arguments} - redirect to a new domain:
${protocol}://new.example.com${path}${arguments} - prefix the URL:
${protocol}://${host}/staging${path}${arguments}
This action returns an HTTP error status code to the visitor. The HTTP error code can be configured with the status field. When this action is selected, no server clusters will receive the request.
| Setting | Value |
|---|---|
| type | reject |
| status | 200, 400, 403, 405, 408, 429, 500, 502, 503 or 504 |
| target | not available |
This action is also available in TCP. In this case, the status parameter is not available, and the request is terminated. TCP requests that are terminated like this are not compatible with high percentages of requests.
Only the HTTP error codes listed in the API can be specified. The most common ones are 400 ("Bad request") errors, and 403 ("Forbidden") errors. A 200 code can be used to block a request type while simulating a success, and a 503 code can be used to simulate a server outage.
| Status code | Description |
|---|---|
| 200 | The request has been successfully executed. |
| 400 | Invalid request. |
| 403 (default) | Access forbidden. |
| 405 | Method (GET, POST, PUT, ...) invalid or not managed. |
| 408 | The request has taken too long to be sent by the client. |
| 429 | The client has sent too many requests (rate limiting). |
| 500 | Generic server error. |
| 502 | Error communicating with the server. |
| 503 | The service is temporarily unavailable. |
| 504 | The server has taken too much time to respond. |
This action redirects requests to a specific server cluster, other than the default server cluster configured on the front-end. The destination farm must be the same type as the front-end ("http" or "tcp").
| Setting | Value |
|---|---|
| type | farm |
| status | not available |
| target | The destination server cluster's ID number. This must be the same type. |
This action is also available in TCP. In this case, the destination server cluster type must be "tcp".
Available rules
This call returns the list of rules available for TCP and HTTP routes, as well as the values expected for each of the fields.
If a field is “null”, this means that no value is expected. If an invalid value is entered, the API will return a validation error.
Query Parameters:
| Setting | Meaning |
|---|---|
| serviceName | Your Load Balancer service ID |
Answer Parameters:
| Setting | Meaning |
|---|---|
| type | Type of protocol for the route: "tcp" for TCP routes, "http" for HTTP routes |
| name | Name of the property on which to apply this rule, to be entered into the field field |
| hasSubField | "true" is this property is a sub-property (e.g. a header or cookie) |
| matches | List of comparisons available for each rule, to be entered into the match field |
| pattern | Type of value expected for the pattern field |
| enum | List of values for the chmaps pattern, if it is a list |
The different pattern types are:
| Value | Meaning |
|---|---|
| cidr | IP address (a.b.c.d) or sub-network (a.b.c.d/z) |
| string | Free text. For the in operator, a list of values separated by columns (255 characters maximum) |
| enum | The field is a list defined in enum
|
With this rule, you can filter requests depending on their protocol. In practice, the uses for this rule are quite limited, as the protocol depends on the front-end that the route is attached to, or a front-end that only manages a single protocol recognized the moment the route is defined.
| Fields | Value |
|---|---|
| name | protocol |
| hasSubField | no |
| matches |
is or in
|
| pattern |
tcp, tls, http or https
|
With this rule, you can filter requests depending on their source address. By combining it with a rule based on the URI or the domain name, you can restrict certain resources to an enterprise proxy while exposing all of your other resources without restrictions, via your OVHcloud Load Balancer.
| Fields | Value |
|---|---|
| name | source |
| hasSubField | no |
| matches |
is or in
|
| pattern | Sub-network (a.b.c.d/z) or address (a.b.c.d) |
To block a particular network and address, for example, you can use a pattern like "4.4.0.0/16, 8.8.8.8".
This rule allows filtering requests based on their domain name. This can, for example, be used to reproduce the "vhost" function of Apache or to route all domains starting with "mail." to a server dedicated to webmail.
| Fields | Value |
|---|---|
| name | host |
| hasSubField | no |
| matches |
is, in, contains, startswith, endswith, or matches
|
| pattern | Character chain or regular expression |
This action is also available in TCP. It will only work if the front-end is configured to accept SSL/TLS connections, and if the client sends an "SNI" option. This is especially the case with recent web browsers.
This rule allows filtering requests based on the HTTP method. It is commonly used in conjunction with a rule based on the request URI or path to make the rule more selective.
| Fields | Value |
|---|---|
| name | method |
| hasSubField | no |
| matches |
is or in
|
| pattern |
GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, or TRACE
|
This rule allows filtering requests based on the request path or URI. The request path is the part between the first '/' included and the first '?' excluded.
| Fields | Value |
|---|---|
| name | uri |
| hasSubField | no |
| matches |
is, in, contains, startswith, endswith, or matches
|
| pattern | Character chain or regular expression |
This rule filters requests depending on their existence, or the value of a specific HTTP request parameter. This is the part after the first '?'. If a parameter is specified several times in a request, only the first instance is taken into account.
| Fields | Value |
|---|---|
| name | param |
| hasSubField | yes |
| matches |
is, in, contains, startswith, endswith, or matches
|
| pattern | Character chain or regular expression |
This rule allows filtering requests based on the existence or value of a specific HTTP header. This can for example be used to detect the opening of a websocket connection and route it to a dedicated farm.
| Fields | Value |
|---|---|
| name | header |
| hasSubField | yes |
| matches |
is, in, contains, startswith, endswith, or matches
|
| pattern | Character chain or regular expression |
This rule allows filtering requests based on the existence or value of a specific HTTP cookie. This can for example be used to direct opt-in visitors to a pre-production farm.
| Fields | Value |
|---|---|
| name | cookie |
| hasSubField | yes |
| matches |
is, in, contains, startswith, endswith, or matches
|
| pattern | Character chain or regular expression |
Go further
For more information and tutorials, please see our other OVHcloud Load Balancer guides or explore the guides for other OVHcloud products and services.